[go: up one dir, main page]

WO2024117489A1 - Dispositif et procédé pour prendre en charge un service à distance - Google Patents

Dispositif et procédé pour prendre en charge un service à distance Download PDF

Info

Publication number
WO2024117489A1
WO2024117489A1 PCT/KR2023/014213 KR2023014213W WO2024117489A1 WO 2024117489 A1 WO2024117489 A1 WO 2024117489A1 KR 2023014213 W KR2023014213 W KR 2023014213W WO 2024117489 A1 WO2024117489 A1 WO 2024117489A1
Authority
WO
WIPO (PCT)
Prior art keywords
electronic device
access key
user terminal
remote service
key
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/KR2023/014213
Other languages
English (en)
Korean (ko)
Inventor
최연석
최문석
백종선
김지원
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Samsung Electronics Co Ltd
Original Assignee
Samsung Electronics Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Samsung Electronics Co Ltd filed Critical Samsung Electronics Co Ltd
Priority to EP23898023.9A priority Critical patent/EP4583456A1/fr
Publication of WO2024117489A1 publication Critical patent/WO2024117489A1/fr
Priority to US19/092,163 priority patent/US20250225262A1/en
Anticipated expiration legal-status Critical
Ceased legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6209Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0281Proxies
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0884Network architectures or network communication protocols for network security for authentication of entities by delegation of authentication, e.g. a proxy authenticates an entity to be authenticated on behalf of this entity vis-à-vis an authentication entity
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0822Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40Network security protocols

Definitions

  • Various embodiments of the present disclosure relate to an apparatus and method for providing a remote service to a user terminal by an external electronic device in a remote service system.
  • Electronic devices based on a network environment can use services or functions provided by a service server through the network.
  • the electronic device may perform an authentication procedure to use the service or function provided by the service server.
  • the authentication procedure may be a procedure for confirming whether the user of an electronic device (e.g., a user terminal such as a smartphone) has normal authority to use the service.
  • the authentication procedure may be based on, for example, an authentication method using an ID/password (PW) or a public key.
  • PW ID/password
  • a service server is electrically connected to a memory, a communication unit configured to perform communication with a user terminal connected to a public network or an external electronic device connected to a private network, and the memory or the communication unit, and is electrically connected to the user terminal and the communication unit. It may include a processor configured to perform relaying between external electronic devices. The processor encrypts an access key for authentication of the user terminal using a symmetric key, and sends an authentication file containing the encrypted access key to a remote service target electronic device, which is one of the external electronic devices, through the communication unit. It can be configured to transmit.
  • the processor may be configured to transmit a connection address that guides access to an internal proxy and the access key to the user terminal through the communication unit.
  • the processor may be configured to transmit a connection request message including the access key received from the user terminal connected to the internal proxy using the connection address to the remote service target electronic device through the internal proxy. .
  • an electronic device includes a memory, a communication unit configured to allow only outbound access to a public network, and communicate with a service server through a private network, and is electrically connected to the memory or the communication unit, , It may include a processor configured to provide a remote service to the user terminal through relay of an internal proxy provided in the service server.
  • the processor is configured to receive an authentication file containing an encrypted access key from the service server through the communication unit, and obtain a first access key by restoring the encrypted access key of the authentication file using a symmetric key. It can be.
  • the processor may be configured to receive a connection request message from the user terminal through relay of the internal proxy and obtain a second access key from the connection request message.
  • the processor may be configured to allow remote service to the user terminal based on whether the first access key and the second access key are the same.
  • a method of supporting a remote service for a user terminal in an electronic device connected to a public network to allow only outbound includes receiving an authentication file containing an encrypted access key from a service server connected to a private network. It may include actions such as: The method may include obtaining a first access key by restoring the encrypted access key included in the authentication file using a symmetric key. The method may include receiving a connection request message from the user terminal through the relay of an internal proxy provided to connect the user terminal to the service server through a public network. The method may include obtaining a second access key from the connection request message. The method may include an operation of allowing a remote service to the user terminal based on whether the first access key and the second access key are the same.
  • FIG. 2 is a diagram illustrating a signal processing procedure for a remote service in a remote service system, according to an embodiment.
  • Figure 3 is a control flow diagram for using a remote service in a user terminal, according to one embodiment.
  • Figure 4 is a control flow diagram for using a remote service in a service server, according to one embodiment.
  • Figure 5 is a control flowchart for using a remote service in an electronic device subject to a remote service, according to an embodiment.
  • Figure 6 is a block diagram of a user terminal performing a remote service, according to an embodiment.
  • Figure 7 is a block diagram of a service server that performs a remote service, according to an embodiment.
  • Figure 8 is a block diagram of an external electronic device that performs a remote service, according to an embodiment.
  • FIG. 9A is an example of a screen for selecting an external electronic device to use a remote service in a user terminal, according to an embodiment.
  • FIG. 9B is an example of a screen for controlling a remote service target electronic device from a user terminal, according to an embodiment.
  • Various embodiments of the present disclosure provide a device and method for supporting an authentication method that can prevent exposure of information (e.g., character string, token, or key) for authentication of a user terminal that will use a remote service in a remote service system. can do.
  • information e.g., character string, token, or key
  • a remote service system for providing a remote service by an external electronic device to a user terminal not complicated, but also information for user authentication (e.g., character string, It can also prevent unwanted exposure of tokens or keys.
  • the remote service in the present disclosure allows a user terminal (e.g. smartphone, PC, tablet) to remotely control an external electronic device (e.g. television, lighting, refrigerator, washing machine, air conditioner, boiler, lock) or external electronic device. It may refer to a service that remotely uses services (e.g. content services) provided by .
  • a remote service may be a service that supports changing a television channel, adjusting the volume, or using an on-demand content service using a smartphone.
  • the remote service may not be limited to the type of device, only the functions that can be controlled or used are different if the remote control target supports communication functions.
  • FIG. 1 is a configuration diagram of a remote service system that provides remote services, according to an embodiment.
  • the remote service system 100 may include a service server 110, a user terminal group 120, or an external electronic device group 120.
  • the remote service system 100 may also include an authentication server 140.
  • the user terminal group 120 may include one or more user terminals 120-1, 120-2, and 120-n that will use a remote service.
  • one or more user terminals 120-1, 120-2, and 120-n included in the user terminal group 120 may be referred to as the 'first electronic device 120'.
  • n user terminals 120-1, 120-2, and 120-n may be referred to as 1-1st electronic devices 120-1 to 1-nth electronic devices 120-n.
  • the external electronic device group 130 may include one or more external electronic devices 130-1, 130-2, and 130-m to provide a remote service in response to a request from the user terminal group 120. there is.
  • one or more external electronic devices 130-1, 130-2, and 130-m included in the external electronic device group 130 may be referred to as a ‘second electronic device 130.’
  • the m external electronic devices 130-1, 130-2, and 130-m may be referred to as 2-1st electronic devices 130-1 to 2-m electronic devices 130-m. .
  • the service server 110 may be connected to the first network 150 or the second network 160.
  • the first network 150 may be a public network
  • the second network 160 may be a private network.
  • the public network 150 may provide a connection service so that an unspecified number of people can access other communication networks or the Internet.
  • the public network 150 may be a communication network established by a communication company.
  • the dedicated network 160 is a communication network established in a specific institution, such as a company or school, so that access is restricted to a specific minority, and may be a private network.
  • the dedicated network 160 is a concept based on network use and may be no different from a public network in terms of network configuration or underlying technology such as hardware, excluding technologies such as security, address system, or authentication.
  • the user terminal group 120 may be connected to the first network 150.
  • each of the 1-1st electronic devices 120-1 to 1-nth electronic devices 120-n included in the user terminal group 120 can independently access the first network 150. You can.
  • the external electronic device group 130 may be connected to the second network 160.
  • each of the 2-1st electronic devices 130-1 to 2-m electronic devices 130-m included in the external electronic device group 130 independently accesses the second network 160. can do.
  • the external electronic device group 130 may also be connected to the first network 150.
  • Each of the 2-1st electronic devices 130-1 to 2-m electronic devices 130-m included in the external electronic device group 130 can independently access the first network 150.
  • the 2-1st electronic devices 130-1 to 2-m electronic devices 130-m may be connected to the first network 150 to allow only outbound 170. In this case, external access to the 2-1st electronic device 130-1 to the 2-m electronic device 130-m may be blocked.
  • the service server 110 operates on the 1-1st electronic devices 120-1 to 1-nth electronic devices 120-n included in the user terminal group 120 through the first network 150. ) can be connected to.
  • a secure sockets layer (SSL) is provided between the service server 110 and the 1-1st to 1-nth electronic devices 120-1 to 120-n included in the user terminal group 120.
  • a firewall such as a firewall may be provided. The firewall may protect the service server 110 or the first electronic device 120 from being exposed to the outside.
  • the first electronic device 120 may perform an authentication procedure for a user or device to use a remote service.
  • the first electronic device 120 may refer to one, part or all of the 1-1st electronic device 120-1 to the 1-nth electronic device 120-n included in the user terminal group 120. You can.
  • the first electronic device 120 obtains authentication to use a remote service by performing an authentication procedure with the authentication server 140 or the service server 110 accessible through the first network 150. can do.
  • the authentication procedure can be prepared by logging in using ID/PW or using a public key.
  • the first electronic device 120 can select a target electronic device to use a remote service (hereinafter referred to as a 'remote service target electronic device').
  • the remote service target electronic device may be one of the 2-1st electronic devices 130-1 to 2-m electronic devices 130-m included in the external electronic device group 130.
  • the first electronic device 120 can access the proxy module 111 provided in the service server 110 using the connection address provided by the service server 110.
  • the first electronic device 120 may transmit the access key, which is an authentication key provided from the service server 110, to the proxy module 111 when requesting a connection for a remote service.
  • the first electronic device 120 may receive a connection response from the proxy module 111 in response to a connection request sent to the proxy module 111.
  • the first electronic device 120 can check the authentication approval result delivered from the proxy module 111. If the acceptance result indicates successful authentication, the first electronic device 120 may perform an operation for remote service with the remote service target electronic device 130 based on the relay of the proxy module 111. there is.
  • the service server 110 encrypts the access key for authentication of the user terminal connected to the public network using a symmetric key and includes it in the authentication file, which is one of the external electronic devices 130 connected to the private network 160. It can be transmitted to a remote service target electronic device.
  • the service server 110 may transmit a connection address that guides access to the proxy module 111 provided therein and the access key to the user terminal (eg, the first electronic device 120 in FIG. 1).
  • the service server 110 may receive a connection request message including the access key from the first electronic device 120 connected to the proxy module 111 using the connection address.
  • the service server 110 may transmit the received connection request message to the second electronic device 130, which is a remote service target electronic device, through the proxy module 111.
  • the second electronic device 130 may be an electronic device connected to the public network 150 to allow only outbound traffic.
  • the second electronic device 130 refers to one, part, or all of the 2-1st electronic device 130-1 to the 2-m electronic device 130-m included in the external electronic device group 130. can do.
  • the second electronic device 130 may receive an authentication file including an encrypted access key from the service server 110 connected to the dedicated network 160.
  • the second electronic device 130 may obtain a first access key by restoring the encrypted access key included in the authentication file using a symmetric key.
  • the second electronic device 130 is relayed by a proxy module 111 that connects the first electronic device 120 to the service server 110 through the public network 150. You can receive a connection request message from .
  • the second electronic device 130 may obtain a second access key from the connection request message.
  • the second electronic device 130 may allow remote service to the user terminal based on whether the first access key and the second access key are the same.
  • the second electronic device 130 indicates successful authentication as a result of the authentication, the second electronic device 130 may perform an operation for remote service with the first electronic device 120 based on the relay of the proxy module 111. .
  • FIG. 2 is a diagram illustrating a signal processing procedure for a remote service in a remote service system (eg, the remote service system 100 of FIG. 1) according to an embodiment.
  • a remote service system eg, the remote service system 100 of FIG. 1
  • the first electronic device 120 corresponding to a user terminal may transmit a use request message to the service server 110 (operation 210).
  • the first electronic device 120 may transmit a use request message to the service server 110 for the purpose of requesting the use of a remote service.
  • the first electronic device 120 accesses and logs in to the service server 110, and then selects an external electronic device to use the remote service (e.g., one included in the external electronic device group 130 of FIG. 1).
  • an external electronic device to use the remote service e.g., one included in the external electronic device group 130 of FIG. 1.
  • one of the plurality of external electronic devices 130-1, 130-2, and 130-m may be selected as the remote service target electronic device (eg, television).
  • the first electronic device 120 when the first electronic device 120 successfully logs in, it may output a screen for selecting at least one external electronic device corresponding to a target that can use a remote service.
  • the screen may be a screen in which an application (APP) is executed, or a screen connected to a web page.
  • APP application
  • the first electronic device 120 is a smartphone
  • UI user interface
  • 9a an example of a user interface (UI: user interface) displayed on the screen of the first electronic device 120 is shown so that the user can select a remote service target device. It is shown in 9a.
  • icons corresponding to a TV, lighting, refrigerator, boiler, air conditioner, or washing machine are displayed as external electronic devices to which the remote control function 910 can be applied on the display of the first electronic device 120 to which the user has successfully logged in.
  • An example of (921, 922, 923, 924, 925, 926) is shown.
  • the icon may be a floating icon.
  • the user may select one of the icons 921, 922, 923, 924, 925, and 926 displayed on the display of the first electronic device 120.
  • the first electronic device 120 may transmit information about the selected icon to the service server 110.
  • the service server 110 can recognize the first electronic device 120 as the user terminal using the remote service or the electronic device subject to the remote service through which the first electronic device 120 will use the remote service.
  • the following description will be made on the assumption that the electronic device subject to remote service is the second electronic device 130.
  • the second electronic device 130 is an external electronic device that provides a remote service (e.g., one or more external electronic devices 130-1, 130-2, 130 included in the external electronic device group 130 of FIG. 1). It can be one of -m)).
  • the service server 110 When the service server 110 receives a use request from the first electronic device 120, it sends an authentication file to the second electronic device 130 through a dedicated network (e.g., the second network 160 in FIG. 1). May pass (action 230).
  • the authentication file may include authentication information.
  • the authentication information may be encrypted with a symmetric key.
  • the service server 110 may share the symmetric key with the second electronic device 130 in advance. For example, the symmetric key may be shared when the second electronic device 130 initially connects to the service server 110.
  • the symmetric key may be assigned to each external electronic device. Symmetric keys assigned to each external electronic device may be different.
  • the authentication information to be encrypted by a symmetric key may include a character string, token, or key (hereinafter referred to as an 'access key').
  • the authentication information may include information regarding the time allowed for the access key (e.g., 30 minutes).
  • the access key may be used for authentication to allow use of a remote service by the first electronic device 120 or a user of the first electronic device 120.
  • the access key may be used, for example, only for a preset allowance time (e.g., 30 minutes) or permission procedure (e.g., performing connection authentication for a remote service).
  • the access key may be discarded when a preset allowable time elapses.
  • the access key may be discarded when connection authentication is completed.
  • the second electronic device 130 may receive an authentication file from the service server 110 (operation 230).
  • the second electronic device 130 can restore the encrypted authentication information included in the authentication file using a symmetric key.
  • the second electronic device 130 may obtain an access key from the authentication information restored using the symmetric key.
  • the second electronic device 130 may obtain information about the allowable time (eg, 30 minutes) of the access key from the authentication information restored using the symmetric key.
  • the service server 110 may transmit access information for a remote service to the first electronic device 120 through a public network (e.g., the first network 150 in FIG. 1) (operation 220).
  • the connection information may include connection information or an access key.
  • the connection information may include a connection address for a remote service.
  • the connection address may be a URL (uniform resource locator) that can access a proxy provided in the service server 110 (e.g., proxy module 111 in FIG. 1).
  • the first electronic device 120 may obtain a connection address or access key from the connection information transmitted from the service server 110.
  • the first electronic device 120 may be connected to the proxy 111 provided in the service server 110 through the public network 150 using the obtained connection address (operation 240).
  • the first electronic device 120 may transmit a connection request message including the obtained access key to the proxy 111 through the public network 150 (operation 240 ).
  • the connection request message may include information about the second electronic device 130 that will use the remote service.
  • the information about the second electronic device 130 may include, for example, identification information of the second electronic device 130.
  • the proxy 111 of the service server 110 When the proxy 111 of the service server 110 receives a connection request message from the first electronic device 120 through the public network 150, it sends the received connection request message to the private network 160.
  • An authentication confirmation request operation forwarded to the second electronic device 130 may be performed (operation 250).
  • the proxy 111 may have already recognized the second electronic device 130 to which the connection request message will be delivered in operation 210 previously performed.
  • the proxy 111 may recognize the second electronic device 130 by checking the identification information included in the connection request message.
  • the second electronic device 130 When the second electronic device 130 receives a connection request message from the service server 110, it can obtain the access key included in the connection request message.
  • the second electronic device 130 may perform connection authentication based on whether the access key obtained from the authentication file matches the access key obtained from the connection request message (operation 260).
  • the second electronic device 130 allows remote service access by the first electronic device 120 if the two access keys (the access key obtained from the authentication file and the access key obtained from the connection request message) are the same. It may be determined that it is permitted by the service server 110. If the two access keys (the access key obtained from the authentication file and the access key obtained from the connection request message) are not the same, the second electronic device 130 accesses the remote service by the first electronic device 120. It may be determined that this is not permitted by the service server 110.
  • the second electronic device 130 may transmit the authentication result determined using the access key to the proxy 111 of the service server 110 through the dedicated network 160 (operation 270).
  • the authentication result may include an identifier indicating whether authentication was successful.
  • the proxy 111 of the service server 110 sends a connection response corresponding to the connection request to the first electronic device through the public network 150 based on the authentication result received from the second electronic device 130. It can be passed to (120) (action (280).
  • the first electronic device 120 can perform an operation according to the connection service targeting the second electronic device 130.
  • the first electronic device 120 may perform an operation according to the connection service with the second electronic device 130 through the proxy 111. That is, the first electronic device 120 may recognize that a procedure according to the connection service is being performed with the proxy 111.
  • the second electronic device 130 may also recognize that it is performing a procedure according to the connection service with the proxy 111.
  • connection response sent from the proxy 111 indicates that authentication has failed, the first electronic device 120 cannot use the connection service for the second electronic device 130.
  • the service server 110 may generate a session key to replace the access key.
  • the service server 110 may transmit the generated session key to the first electronic device 120 and/or the second electronic device 130.
  • the service server 110 may encrypt it using a symmetric key.
  • the session key can be used to transmit or receive data according to remote services.
  • the service server 110 may share the session key with the first electronic device 120 and/or the second electronic device 130 and then discard the previously used access key.
  • the service server 110 may encrypt the session key with a symmetric key and transmit it to the second electronic device 130.
  • FIG. 3 is a control flowchart for using a remote service in a user terminal (eg, the first electronic device 120 of FIG. 1) according to an embodiment.
  • the first electronic device 120 corresponding to a user terminal may determine whether a use event requesting use of a remote service by the user occurs in operation 311. there is.
  • the usage event may be generated, for example, when a user executes a program or app installed for a remote service.
  • the first electronic device 120 may transmit a usage request message to a service server (eg, the service server 110 of FIG. 1) in operation 313.
  • the first electronic device 120 may transmit a use request message to the service server 110 for the purpose of requesting the use of a remote service.
  • the first electronic device 120 accesses and logs in to the service server 110, and then selects an external electronic device to use the remote service (e.g., one included in the external electronic device group 130 of FIG. 1).
  • an external electronic device to use the remote service e.g., one included in the external electronic device group 130 of FIG. 1.
  • one of the plurality of external electronic devices 130-1, 130-2, and 130-m may be selected as the remote service target electronic device (eg, television).
  • the first electronic device 120 when the first electronic device 120 successfully logs in, it may output a screen for selecting at least one external electronic device corresponding to a target that can use a remote service.
  • the screen may be a screen in which an application (APP) is executed, or a screen connected to a web page.
  • APP application
  • the first electronic device 120 is a smartphone
  • UI user interface
  • 9a an example of a user interface (UI: user interface) displayed on the screen of the first electronic device 120 is shown so that the user can select a remote service target device. It is shown in 9a.
  • icons corresponding to a TV, lighting, refrigerator, boiler, air conditioner, or washing machine are displayed as external electronic devices to which the remote control function 910 can be applied on the display of the first electronic device 120 to which the user has successfully logged in.
  • An example of (921, 922, 923, 924, 925, 926) is shown.
  • the icon may be a floating icon.
  • the user may select one of the icons 921, 922, 923, 924, 925, and 926 displayed on the display of the first electronic device 120.
  • the first electronic device 120 may transmit information about the selected icon to the service server 110. Accordingly, the service server 110 can recognize the first electronic device 120 as the user terminal using the remote service or the electronic device subject to the remote service through which the first electronic device 120 will use the remote service.
  • the first electronic device 120 may determine whether connection information is received from the service server 110.
  • the first electronic device 120 may obtain connection information or an access key from the connection information in operation 317.
  • the connection information may include a connection address for a remote service.
  • the connection address may be a URL that can access a proxy provided in the service server 110 (eg, proxy module 111 in FIG. 1).
  • the access key may be used for authentication to allow use of a remote service by the first electronic device 120 or a user of the first electronic device 120.
  • the access key may be used, for example, only for a preset allowance time (e.g., 30 minutes) or permission procedure (e.g., performing connection authentication for a remote service).
  • the access key may be discarded when a preset allowable time elapses.
  • the access key may be discarded when connection authentication is completed.
  • the first electronic device 120 may connect to the proxy 111 provided in the service server 110 through the public network 150 using the obtained connection address.
  • the first electronic device 120 can transmit a connection request message including the obtained access key to the proxy 111 through the public network 150.
  • the connection request message may include information about the second electronic device 130 that will use the remote service.
  • the information about the second electronic device 130 may include, for example, identification information of the second electronic device 130.
  • the first electronic device 120 may determine whether a connection approval response is received from the proxy 111 through the public network 150. As an example, the first electronic device 120 may receive a connection response message from the proxy 111. The first electronic device 120 can check the authentication result information included in the received connection response message. For example, the authentication result information may include an identifier indicating whether authentication was successful. The first electronic device 1200 can check whether the use of a remote service is approved using the identifier.
  • the first electronic device 120 may perform an operation according to the connection service for the second electronic device 130.
  • the first electronic device 120 may perform the remote service using a session key instead of an access key.
  • the session key can be received from the proxy 111, for example, after successful authentication for the connection service.
  • the first electronic device 120 may perform an operation according to the connection service with the second electronic device 130 through the proxy 111. That is, the first electronic device 120 may recognize that a procedure according to the connection service is being performed with the proxy 111.
  • the second electronic device 130 may also recognize that it is performing a procedure according to the connection service with the proxy 111.
  • the first electronic device 120 may perform error processing on the use event in operation 325.
  • FIG. 4 is a control flowchart for using a remote service from a service server (eg, service server 110 of FIG. 1) according to an embodiment.
  • a service server eg, service server 110 of FIG. 1
  • the service server 110 may determine whether a connection request is received from a first electronic device (eg, the first electronic device 120 of FIG. 1).
  • the service server 110 may obtain an authentication key in response to the connection request.
  • the service server 110 may generate an access key corresponding to an authentication key.
  • the access key may be used for authentication to allow use of a remote service by the first electronic device 120 or a user of the first electronic device 120.
  • the access key may be used, for example, only for a preset allowance time (e.g., 30 minutes) or permission procedure (e.g., performing connection authentication for a remote service).
  • the access key may be discarded when a preset allowable time elapses.
  • the access key may be discarded when connection authentication is completed.
  • the service server 110 may transmit the authentication file to the second electronic device 130 through a dedicated network (eg, the second network 160 of FIG. 1).
  • the authentication file may include authentication information.
  • the authentication information may be encrypted with a symmetric key.
  • the service server 110 may share the symmetric key with the second electronic device 130 in advance. For example, the symmetric key may be shared when the second electronic device 130 initially connects to the service server 110.
  • the symmetric key may be assigned to each external electronic device. Symmetric keys assigned to each external electronic device may be different.
  • the service server 110 may transmit access information for a remote service to the first electronic device 120 through a public network (eg, the first network 150 of FIG. 1).
  • the connection information may include connection information or an access key.
  • the connection information may include a connection address for a remote service.
  • the connection address may be a URL that can access a proxy provided in the service server 110 (eg, proxy module 111 in FIG. 1).
  • the proxy 111 of the service server 110 may determine whether a connection request message is received from the first electronic device 120 through the public network 150 in operation 419.
  • the proxy 110 When receiving the connection request message, the proxy 110 transmits the received connection request message to the second electronic device (e.g., the second electronic device 130 of FIG. 1) through the dedicated network 160 in operation 421. ) can be transmitted.
  • the proxy 111 may have already recognized the second electronic device 130 to which the connection request message will be delivered through an operation of receiving a previously performed connection request.
  • the proxy 111 may recognize the second electronic device 130 by checking the identification information included in the connection request message.
  • the proxy 111 of the service server 110 sends a connection response corresponding to the connection request based on the authentication result received from the second electronic device 130 in operations 423, 425, or 429. It can be transmitted to the first electronic device 120 through the public network 150. As an example, the proxy 111 may determine whether the authentication result indicates connection approval in operation 423. If the authentication result indicates connection approval, the proxy 111 may transmit a connection approval response message to the first electronic device 120 in operation 425. If the authentication result indicates a connection failure, the proxy 111 may transmit a connection failure response message to the first electronic device 120 in operation 429.
  • the proxy 111 of the service server 110 may relay an operation according to the connection service between the first electronic device 120 and the second electronic device 130 in operation 427. there is.
  • the service server 110 may generate a session key to replace the access key.
  • the service server 110 may transmit the generated session key to the first electronic device 120 and/or the second electronic device 130.
  • the service server 110 may encrypt it using a symmetric key.
  • the session key can be used to transmit or receive data according to remote services.
  • the service server 110 may share the session key with the first electronic device 120 and/or the second electronic device 130 and then discard the previously used access key.
  • the service server 110 may encrypt the session key with a symmetric key and transmit it to the second electronic device 130.
  • FIG. 5 is a control flowchart for using a remote service in an electronic device subject to a remote service (eg, the second electronic device 130 of FIG. 1), according to an embodiment.
  • the second electronic device 130 may determine whether an authentication file is received from the service server 110 in operation 511.
  • the second electronic device 130 may restore the encrypted authentication information included in the authentication file using a symmetric key.
  • the second electronic device 130 may obtain an access key (eg, first authentication key) from authentication information restored using the symmetric key.
  • the second electronic device 130 may obtain information about the allowable time (eg, 30 minutes) of the access key from the authentication information restored using the symmetric key.
  • the second electronic device 130 may determine whether connection request information is received from the proxy 111 of the service server 110. When receiving a connection request message from the proxy 111, the second electronic device 130 may obtain an access key (eg, a second authentication key) included in the connection request message in operation 517.
  • an access key eg, a second authentication key
  • the second electronic device 130 matches the access key (e.g., first authentication key) obtained from the authentication file and the access key (e.g., second authentication key) obtained from the connection request message.
  • Connection authentication can be performed based on the connection authentication.
  • the second electronic device 130 may approve authentication for remote service access by the first electronic device 120 in operation 521. There is. If the first authentication key and the second authentication key are not the same, the second electronic device 130 fails authentication for remote service access by the first electronic device 120 in operation 525. You can.
  • the second electronic device 130 may transmit the authentication result determined using the access key to the proxy 111 of the service server 110 through the dedicated network 160.
  • the authentication result may include an identifier indicating whether authentication was successful.
  • the second electronic device 130 may perform an operation according to the connection service for the first electronic device 120 in operation 523.
  • the second electronic device 130 may recognize that a procedure according to the connection service is being performed with the proxy 111.
  • FIG. 6 is a block diagram of a user terminal (eg, the first electronic device 120 of FIG. 1 ) that performs a remote service, according to an embodiment.
  • the first electronic device 120 may include at least one processor 610, an input unit 620, an output unit 630, a communication unit 640, or a memory 650. You can.
  • the output unit 630 may include a display unit corresponding to a display-like component for providing visual information to the user.
  • the processor 610 may execute software (e.g., a program) to control at least one other component (e.g., hardware or software component) of the user terminal 120 connected to the processor 610, and may control various Data processing or calculations can be performed. As at least part of the data processing or calculation, the processor 610 stores commands or data received from another component (e.g., input unit 620) in memory 650, and stores the commands stored in memory 650. Alternatively, data may be processed and the resulting data may be stored in the memory 650.
  • software e.g., a program
  • the processor 610 stores commands or data received from another component (e.g., input unit 620) in memory 650, and stores the commands stored in memory 650.
  • data may be processed and the resulting data may be stored in the memory 650.
  • the processor 610 is a main processor (e.g., central processing unit or application processor) or an auxiliary processor that can operate independently or together (e.g., graphics processing unit, neural processing unit (NPU), image signal processor, It may include a sensor hub processor, or a communication processor).
  • auxiliary processor may be set to use less power than the main processor or be specialized for a designated function.
  • the auxiliary processor may be implemented separately from the main processor or as part of it.
  • the memory 650 may store various data used by at least one component (eg, processor 610) of the first electronic device 120. Data may include, for example, input data or output data for software (e.g., a program) and instructions related thereto. Memory 650 may include volatile memory or non-volatile memory.
  • the input unit 620 may receive commands or data to be used for a component (e.g., processor 610) of the first electronic device 120 from outside the first electronic device 120 (e.g., a user). there is.
  • the input unit 620 may include, for example, a microphone, a mouse, a keyboard, a key (eg, a button), or a digital pen (eg, a stylus pen).
  • the output unit 630 may externally output information in a visual or auditory form to be conveyed to the user.
  • the output unit 630 may include, for example, a speaker or receiver capable of outputting information in an auditory form.
  • the speaker can be used for general purposes such as multimedia playback or recorded playback.
  • the receiver can be used to receive incoming calls.
  • the receiver may be implemented separately from the speaker or as part of it.
  • the output unit 630 may include a display unit.
  • the display unit may include a display that outputs information in a visual form to the outside.
  • the display unit may include, for example, a display, a hologram device, or a projector, and a control circuit for controlling the device.
  • the display unit may include a touch sensor configured to detect a touch, or a pressure sensor configured to measure the intensity of force generated by the touch.
  • the communication unit 640 establishes a direct (e.g., wired) or wireless communication channel between the first electronic device 120 and an external electronic device (e.g., the service server 110 of FIG. 1), and establishes the established communication channel. It can support communication through .
  • the communication unit 640 operates independently of the processor 610 (eg, an application processor) and may include one or more communication processors that support direct (eg, wired) communication or wireless communication.
  • the communication unit 640 is a wireless communication module (e.g., a cellular communication module, a short-range wireless communication module, or a global navigation satellite system (GNSS) communication module) or a wired communication module (e.g., a local area network (LAN) communication module, or a power line). communication module).
  • GNSS global navigation satellite system
  • the corresponding communication module is a first network (e.g., a short-range communication network such as Bluetooth, wireless fidelity (WiFi) direct, or infrared data association (IrDA)) or a second network (e.g., a legacy cellular network, 5G network, It can communicate with external electronic devices through a telecommunication network such as a next-generation telecommunication network, the Internet, or a computer network (e.g., LAN or WAN).
  • a first network e.g., a short-range communication network such as Bluetooth, wireless fidelity (WiFi) direct, or infrared data association (IrDA)
  • a second network e.g., a legacy cellular network, 5G network
  • a telecommunication network such as a next-generation telecommunication network, the Internet, or a computer network (e.g., LAN or WAN).
  • a telecommunication network such as a next-generation telecommunication network, the Internet
  • a computer network
  • the processor 610 may determine whether a usage event requesting the use of a remote service by a user occurs. For example, the processor 610 may determine that a use event has occurred by executing a program or app installed for a remote service in response to a user's request input through the input unit 620.
  • the processor 610 may transmit a usage request message to the service server 110 through the communication unit 640.
  • the processor 610 may transmit a use request message to the service server 110 for the purpose of requesting the use of a remote service.
  • the processor 610 after accessing and logging in to the service server 110, the processor 610 connects to an external electronic device to use a remote service (e.g., one or more devices included in the external electronic device group 130 of FIG. 1).
  • a remote service e.g., one or more devices included in the external electronic device group 130 of FIG. 1.
  • One of the external electronic devices 130-1, 130-2, and 130-m can be selected as the remote service target electronic device (e.g., television).
  • the processor 610 outputs a screen for selecting at least one external electronic device corresponding to a target that can use a remote service through the display unit provided in the output unit 630. You can.
  • the screen may be a screen where an app is executed, or a screen where a web page is accessed.
  • connection information may include a connection address for a remote service.
  • the connection address may be a URL that can access a proxy provided in the service server 110 (eg, proxy module 111 in FIG. 1).
  • the access key may be used for authentication to allow use of a remote service by the first electronic device 120 or a user of the first electronic device 120.
  • the access key may be used, for example, only for a preset allowance time (e.g., 30 minutes) or permission procedure (e.g., performing connection authentication for a remote service).
  • the access key may be discarded when a preset allowable time elapses.
  • the access key may be discarded when connection authentication is completed.
  • the processor 610 can control the communication unit 640 to access the proxy 111 provided in the service server 110 through the public network 150 using the obtained connection address.
  • the communication unit 640 is configured to transmit a connection request message including the obtained access key to the proxy 111 through the public network 150. You can control it.
  • the connection request message may include information about the second electronic device 130 that will use the remote service.
  • the information about the second electronic device 130 may include, for example, identification information of the second electronic device 130.
  • the processor 610 may receive a connection approval response transmitted by the proxy 111 through the public network 150 through the communication unit 640.
  • the processor 610 may check authentication result information included in the received connection response message.
  • the authentication result information may include an identifier indicating whether authentication was successful.
  • the processor 610 can check whether use of a remote service is approved using the identifier.
  • the processor 610 When the processor 610 indicates that the identifier has been successfully authenticated, it can perform an operation according to the connection service targeting the second electronic device 130.
  • the processor 610 can perform the remote service using a session key instead of an access key.
  • the session key can be received from the proxy 111, for example, after successful authentication for the connection service.
  • the processor 610 may perform an operation according to the connection service with the second electronic device 130 through the proxy 111. That is, the processor 610 may recognize that a procedure according to the connection service is being performed with the proxy 111.
  • the processor 610 may perform error processing on the use event.
  • FIG. 7 is a block diagram of a service server (eg, service server 110 of FIG. 1) that performs a remote service, according to an embodiment.
  • a service server eg, service server 110 of FIG. 1
  • the service server 110 may include at least one processor 710, a communication unit 720, or a memory 730.
  • the processor 710 may execute software (e.g., a program) to control at least one other component (e.g., hardware or software component) of the service server 110 connected to the processor 710, and may control various Data processing or calculations can be performed. As at least part of the data processing or calculation, the processor 710 stores commands or data received from other components in memory 730, processes the commands or data stored in memory 730, and produces resultant data. can be stored in the memory 730.
  • the processor 710 may be a main processor (e.g., central processing unit or application processor) or an auxiliary processor that can operate independently or together (e.g., graphics processing unit, neural processing unit (NPU), image signal processor, It may include a sensor hub processor, or a communication processor). For example, when the service server 110 includes a main processor and a auxiliary processor, the auxiliary processor may be set to use less power than the main processor or be specialized for a designated function. The auxiliary processor may be implemented separately from the main processor or as part of it.
  • the memory 730 may store various data used by at least one component (eg, processor 710) of the service server 110. Data may include, for example, input data or output data for software (e.g., a program) and instructions related thereto.
  • Memory 730 may include volatile memory or non-volatile memory.
  • the communication unit 720 provides direct (e.g., wired) communication between the service server 110 and the user terminal (e.g., the first electronic device 120 of FIG. 1) through a public network (e.g., the first network 150 of FIG. 1). ) Can support the establishment of a communication channel or wireless communication channel and the performance of communication through the established communication channel.
  • the communication unit 720 provides direct communication between the service server 110 and a remote service target electronic device (e.g., the second electronic device 130 of FIG. 1) through a dedicated network (e.g., the second network 160 of FIG. 1). It can support the establishment of a communication channel (e.g., wired) or a wireless communication channel, and the performance of communication through the established communication channel.
  • the communication unit 720 operates independently of the processor 710 (eg, an application processor) and may include one or more communication processors that support direct (eg, wired) communication or wireless communication.
  • the communication unit 720 is a wireless communication module (e.g., a cellular communication module, a short-range wireless communication module, or a global navigation satellite system (GNSS) communication module) or a wired communication module (e.g., a local area network (LAN) communication module, or a power line). communication module).
  • GNSS global navigation satellite system
  • the corresponding communication module is a first network (e.g., a short-range communication network such as Bluetooth, wireless fidelity (WiFi) direct, or infrared data association (IrDA)) or a second network (e.g., a legacy cellular network, 5G network, It can communicate with external electronic devices through a telecommunication network such as a next-generation telecommunication network, the Internet, or a computer network (e.g., LAN or WAN).
  • a first network e.g., a short-range communication network such as Bluetooth, wireless fidelity (WiFi) direct, or infrared data association (IrDA)
  • a second network e.g., a legacy cellular network, 5G network
  • a telecommunication network such as a next-generation telecommunication network, the Internet, or a computer network (e.g., LAN or WAN).
  • a telecommunication network such as a next-generation telecommunication network, the Internet
  • a computer network
  • the processor 710 may receive a connection request from the first electronic device 120 through the communication unit 720. When the processor 710 receives a use request from the first electronic device 120, it can obtain an authentication key in response to the connection request. As an example, the processor 710 may generate an access key corresponding to an authentication key. The access key may be used for authentication to allow use of a remote service by the first electronic device 120 or a user of the first electronic device 120. The access key may be used, for example, only for a preset allowance time (e.g., 30 minutes) or permission procedure (e.g., performing connection authentication for a remote service). The access key may be discarded when a preset allowable time elapses. The access key may be discarded when connection authentication is completed.
  • a preset allowance time e.g. 30 minutes
  • permission procedure e.g., performing connection authentication for a remote service
  • the processor 710 may transmit the authentication file to the second electronic device 130 through the dedicated network 160.
  • the authentication file may include authentication information.
  • the authentication information may be encrypted with a symmetric key.
  • the processor 710 may share the symmetric key with the second electronic device 130 in advance. For example, the symmetric key may be shared when the second electronic device 130 initially connects to the service server 110.
  • the symmetric key may be assigned to each external electronic device. Symmetric keys assigned to each external electronic device may be different.
  • the processor 710 may control the communication unit 720 to transmit access information for a remote service to the first electronic device 120 through a public network (e.g., the first network 150 in FIG. 1). there is.
  • the connection information may include connection information or an access key.
  • the connection information may include a connection address for a remote service.
  • the connection address may be a URL that can access a proxy provided in the service server 110 (eg, proxy module 111 in FIG. 1).
  • the processor 710 When the processor 710 receives a connection request message from the first electronic device 120 through the public network 150, the processor 710 sends the received connection request message to the second electronic device 130 through the private network 160. ), the communication unit 720 can be controlled to transmit the message to ).
  • the processor 710 may have already recognized the second electronic device 130 to which the connection request message will be delivered through an operation of receiving a previously performed connection request.
  • the processor 710 may recognize the second electronic device 130 by checking the identification information included in the connection request message.
  • the processor 710 transmits a connection response corresponding to the connection request to the first electronic device 120 through the public network 150 based on the authentication result received from the second electronic device 130,
  • the communication unit 720 can be controlled.
  • the processor 710 may determine whether the authentication result indicates connection approval. If the authentication result indicates connection approval, the processor 710 may control the communication unit to transmit a connection approval response message to the first electronic device 120. If the authentication result indicates a connection failure, the processor 710 may control the communication unit 720 to transmit a connection failure response message to the first electronic device 120.
  • the processor 710 may perform overall control to relay operations according to the connection service between the first electronic device 120 and the second electronic device 130.
  • the processor 710 may generate a session key to replace the access key.
  • the processor 710 may control the communication unit 720 to transmit the generated session key to the first electronic device 120 and/or the second electronic device 130.
  • the processor 710 may encrypt it using a symmetric key.
  • the session key can be used to transmit or receive data according to remote services.
  • the processor 710 may share the session key with the first electronic device 120 and/or the second electronic device 130 and then discard the previously used access key.
  • the processor 710 may encrypt the session key with a symmetric key and transmit it to the second electronic device 130.
  • FIG. 8 is a block diagram of an external electronic device (eg, the second electronic device 130 of FIG. 1 ) that performs a remote service, according to an embodiment.
  • an external electronic device eg, the second electronic device 130 of FIG. 1
  • the second electronic device 130 may include at least one processor 810, a communication unit 820, a user interface unit 830, or a memory 840.
  • the user interface unit 830 may include an output unit or an input unit.
  • the output unit may include a display unit corresponding to a display-like component for providing visual information to the user.
  • the processor 810 may execute software (e.g., a program) to control at least one other component (e.g., hardware or software component) of the second electronic device 130 connected to the processor 810, , various data processing or calculations can be performed. As at least part of the data processing or calculation, the processor 810 stores commands or data received from another component (e.g., user interface 830) in memory 840, and stores commands or data received from other components (e.g., user interface 830) in memory 840. Commands or data can be processed, and the resulting data can be stored in the memory 840.
  • software e.g., a program
  • the processor 810 stores commands or data received from another component (e.g., user interface 830) in memory 840, and stores commands or data received from other components (e.g., user interface 830) in memory 840. Commands or data can be processed, and the resulting data can be stored in the memory 840.
  • the processor 810 may be a main processor (e.g., central processing unit or application processor) or an auxiliary processor that can operate independently or together (e.g., graphics processing unit, neural processing unit (NPU), image signal processor, It may include a sensor hub processor, or a communication processor).
  • a main processor e.g., central processing unit or application processor
  • auxiliary processor e.g., graphics processing unit, neural processing unit (NPU), image signal processor, It may include a sensor hub processor, or a communication processor.
  • the auxiliary processor may be set to use less power than the main processor or be specialized for a designated function.
  • the auxiliary processor may be implemented separately from the main processor or as part of it.
  • the communication unit 820 establishes a direct (e.g., wired) or wireless communication channel between the second electronic device 130 and an external electronic device (e.g., the service server 110 of FIG. 1), and establishes the established communication channel. It can support communication through .
  • the communication unit 820 operates independently of the processor 810 (eg, an application processor) and may include one or more communication processors that support direct (eg, wired) communication or wireless communication.
  • the communication unit 820 is a wireless communication module (e.g., a cellular communication module, a short-range wireless communication module, or a global navigation satellite system (GNSS) communication module) or a wired communication module (e.g., a local area network (LAN) communication module, or a power line). communication module).
  • GNSS global navigation satellite system
  • the corresponding communication module is a first network (e.g., a short-range communication network such as Bluetooth, wireless fidelity (WiFi) direct, or infrared data association (IrDA)) or a second network (e.g., a legacy cellular network, 5G network, It can communicate with external electronic devices through a telecommunication network such as a next-generation telecommunication network, the Internet, or a computer network (e.g., LAN or WAN).
  • a first network e.g., a short-range communication network such as Bluetooth, wireless fidelity (WiFi) direct, or infrared data association (IrDA)
  • a second network e.g., a legacy cellular network, 5G network
  • a telecommunication network such as a next-generation telecommunication network, the Internet, or a computer network (e.g., LAN or WAN).
  • a telecommunication network such as a next-generation telecommunication network, the Internet
  • a computer network
  • the user interface unit 830 may perform operations to share information with the user.
  • the input unit included in the user interface 830 receives commands or data to be used for a component of the second electronic device 130 (e.g., the processor 810) from the outside of the electronic device 110 (e.g., the user). can do.
  • the input unit may include, for example, a microphone, mouse, keyboard, keys (eg, buttons), or a digital pen (eg, stylus pen).
  • the output unit included in the user interface 830 may externally output information in a visual or auditory form to be conveyed to the user.
  • the output unit may include, for example, a speaker or receiver capable of outputting information in an auditory form.
  • the speaker can be used for general purposes such as multimedia playback or recorded playback.
  • the receiver can be used to receive incoming calls.
  • the receiver may be implemented separately from the speaker or as part of it.
  • the output unit may include a display unit.
  • the display unit may include a display that outputs information in a visual form to the outside.
  • the display unit may include, for example, a display, a hologram device, or a projector, and a control circuit for controlling the device.
  • the display unit may include a touch sensor configured to detect a touch, or a pressure sensor configured to measure the intensity of force generated by the touch.
  • the memory 840 may store various data used by at least one component (eg, processor 810) of the second electronic device 130. Data may include, for example, input data or output data for software (e.g., a program) and instructions related thereto.
  • Memory 650 may include volatile memory or non-volatile memory.
  • the processor 810 may restore the encrypted authentication information included in the authentication file using a symmetric key.
  • the processor 810 may obtain an access key (eg, first authentication key) from authentication information restored using the symmetric key.
  • the processor 810 may obtain information about the allowable time (eg, 30 minutes) of the access key from the authentication information restored using the symmetric key.
  • the processor 810 may obtain an access key (eg, a second authentication key) included in the connection request message.
  • an access key eg, a second authentication key
  • the processor 810 performs connection authentication based on whether the access key obtained from the authentication file (e.g., first authentication key) and the access key obtained from the connection request message (e.g., second authentication key) match. You can.
  • the processor 810 may approve authentication for remote service access by the first electronic device 120. If the first authentication key and the second authentication key are not the same, the processor 810 may fail authentication for remote service access by the first electronic device 120.
  • the processor 810 may control the communication unit 820 to transmit the authentication result determined using the access key to the proxy 111 of the service server 110 through the dedicated network 160.
  • the authentication result may include an identifier indicating whether authentication was successful.
  • the processor 810 may perform overall control for the connection service targeting the first electronic device 120.
  • the processor 810 may recognize that a procedure according to the connection service is being performed with the proxy 111.
  • FIG. 9A shows a user terminal (e.g., the first electronic device 120 of FIG. 1) selecting an external electronic device (e.g., the second electronic device 130 of FIG. 1) to use a remote service, according to an embodiment.
  • the user terminal 120 when the user terminal 120 is a smartphone, the user terminal 120 may display a screen so that the user can select a remote service target device.
  • icons corresponding to a TV, lighting, refrigerator, boiler, air conditioner, or washing machine are displayed as external electronic devices to which the remote control function 910 can be applied to the display of the first electronic device 120 where the user has successfully logged in ( 921, 922, 923, 924, 925, 926) may be displayed.
  • the icon may be a floating icon.
  • FIG. 9B is a screen for controlling a remote service target electronic device (e.g., the second electronic device 130 of FIG. 1) from a user terminal (e.g., the first electronic device 120 of FIG. 1), according to an embodiment. Yes.
  • a remote service target electronic device e.g., the second electronic device 130 of FIG. 1
  • a user terminal e.g., the first electronic device 120 of FIG. 1
  • the user terminal 120 may display one or more icons on the screen that have a function for controlling a target electronic device through which the user will use a remote service.
  • the user terminal 120 may display a screen 940 for TV control 930.
  • the displayed screen 940 may include a function icon 941 for adjusting the volume or a function icon 943 for changing the channel.
  • Electronic devices may be of various types.
  • Electronic devices may include, for example, portable communication devices (e.g., smartphones), computer devices, portable multimedia devices, portable medical devices, cameras, wearable devices, or home appliances.
  • Electronic devices according to embodiments of this document are not limited to the above-described devices.
  • first, second, or first or second may be used simply to distinguish one component from another, and to refer to those components in other respects (e.g., importance or order) is not limited.
  • One (e.g., first) component is said to be “coupled” or “connected” to another (e.g., second) component, with or without the terms “functionally” or “communicatively.” Where mentioned, it means that any of the components can be connected to the other components directly (e.g. wired), wirelessly, or through a third component.
  • module used in various embodiments of this document may include a unit implemented in hardware, software, or firmware, and is interchangeable with terms such as logic, logic block, component, or circuit, for example. It can be used as A module may be an integrated part or a minimum unit of the parts or a part thereof that performs one or more functions. For example, according to one embodiment, the module may be implemented in the form of an application-specific integrated circuit (ASIC).
  • ASIC application-specific integrated circuit
  • Various embodiments of the present document are software (e.g., a program) including one or more instructions stored in a storage medium (e.g., memory) readable by a machine (e.g., remote service system 100).
  • a processor e.g., processor 610, 710, 810 of a device (e.g., service server 110, first electronic device 120, or second electronic device 130).
  • a device e.g., service server 110, first electronic device 120, or second electronic device 130.
  • the one or more instructions may include code generated by a compiler or code that can be executed by an interpreter.
  • the device-readable storage medium may be provided in the form of a non-transitory storage medium.
  • 'non-transitory' only means that the storage medium is a tangible device and does not contain signals (e.g. electromagnetic waves), and this term is used when data is stored semi-permanently in the storage medium.
  • signals e.g. electromagnetic waves
  • Computer program products are commodities and can be traded between sellers and buyers.
  • the computer program product may be distributed in the form of a machine-readable storage medium (e.g. compact disc read only memory (CD-ROM)) or through an application store (e.g. Play StoreTM) or on two user devices (e.g. It can be distributed (e.g. downloaded or uploaded) directly between smart phones) or online.
  • a machine-readable storage medium e.g. compact disc read only memory (CD-ROM)
  • an application store e.g. Play StoreTM
  • two user devices e.g. It can be distributed (e.g. downloaded or uploaded) directly between smart phones) or online.
  • at least a portion of the computer program product may be at least temporarily stored or temporarily created in a machine-readable storage medium, such as the memory of a manufacturer's server, an application store's server, or a relay server.
  • each component (e.g., module or program) of the above-described components may include a single or plural entity, and some of the plurality of entities may be separately placed in other components. there is.
  • one or more of the components or operations described above may be omitted, or one or more other components or operations may be added.
  • multiple components eg, modules or programs
  • the integrated component may perform one or more functions of each component of the plurality of components identically or similarly to those performed by the corresponding component of the plurality of components prior to the integration. .
  • operations performed by a module, program, or other component may be executed sequentially, in parallel, iteratively, or heuristically, or one or more of the operations may be executed in a different order, or omitted. Alternatively, one or more other operations may be added.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Telephonic Communication Services (AREA)

Abstract

La présente divulgation concerne un dispositif et un procédé pour fournir un service à distance à un terminal utilisateur au moyen d'un dispositif électronique externe dans un système de service à distance. Le dispositif électronique peut recevoir un fichier d'authentification contenant une clé d'accès chiffrée en provenance d'un serveur de service connecté à un réseau dédié, et restaurer la clé d'accès chiffrée à l'aide d'une clé symétrique pour obtenir une première clé d'accès. Le dispositif électronique peut recevoir un message de demande de connexion en provenance du terminal utilisateur par le biais du relais d'un proxy interne fourni de façon à connecter le terminal utilisateur au serveur de service par le biais d'un réseau public, et obtenir une seconde clé d'accès à partir du message de demande de connexion. Le dispositif électronique peut permettre un service à distance au terminal utilisateur en fonction du fait que la première clé d'accès et la seconde clé d'accès sont identiques ou non.
PCT/KR2023/014213 2022-12-02 2023-09-20 Dispositif et procédé pour prendre en charge un service à distance Ceased WO2024117489A1 (fr)

Priority Applications (2)

Application Number Priority Date Filing Date Title
EP23898023.9A EP4583456A1 (fr) 2022-12-02 2023-09-20 Dispositif et procédé pour prendre en charge un service à distance
US19/092,163 US20250225262A1 (en) 2022-12-02 2025-03-27 Device and method for supporting remote service

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
KR10-2022-0166956 2022-12-02
KR1020220166956A KR20240082867A (ko) 2022-12-02 2022-12-02 원격 서비스를 지원하는 장치 및 방법

Related Child Applications (1)

Application Number Title Priority Date Filing Date
US19/092,163 Continuation US20250225262A1 (en) 2022-12-02 2025-03-27 Device and method for supporting remote service

Publications (1)

Publication Number Publication Date
WO2024117489A1 true WO2024117489A1 (fr) 2024-06-06

Family

ID=91324335

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/KR2023/014213 Ceased WO2024117489A1 (fr) 2022-12-02 2023-09-20 Dispositif et procédé pour prendre en charge un service à distance

Country Status (4)

Country Link
US (1) US20250225262A1 (fr)
EP (1) EP4583456A1 (fr)
KR (1) KR20240082867A (fr)
WO (1) WO2024117489A1 (fr)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20160149926A (ko) * 2015-06-19 2016-12-28 주식회사 경동원 토큰 서버 인증을 이용한 홈네트워크 기기의 원격 제어 시스템 및 방법
KR20180131006A (ko) * 2017-05-31 2018-12-10 삼성에스디에스 주식회사 토큰 관리 방법 및 이를 수행하기 위한 서버
KR102010488B1 (ko) * 2015-07-22 2019-08-13 주식회사 케이티 안전한 사물 인터넷 단말 원격 접속 시스템 및 그 방법, ip 주소 할당 방법
KR20190130206A (ko) * 2018-04-23 2019-11-22 (주)아이씨엔캐스트 분실 보안이 강화된 IoT기기 제3자 보안인증 시스템 및 방법
WO2021227964A1 (fr) * 2020-05-11 2021-11-18 华为技术有限公司 Procédé de communication sécurisée, et appareil et système associés

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20160149926A (ko) * 2015-06-19 2016-12-28 주식회사 경동원 토큰 서버 인증을 이용한 홈네트워크 기기의 원격 제어 시스템 및 방법
KR102010488B1 (ko) * 2015-07-22 2019-08-13 주식회사 케이티 안전한 사물 인터넷 단말 원격 접속 시스템 및 그 방법, ip 주소 할당 방법
KR20180131006A (ko) * 2017-05-31 2018-12-10 삼성에스디에스 주식회사 토큰 관리 방법 및 이를 수행하기 위한 서버
KR20190130206A (ko) * 2018-04-23 2019-11-22 (주)아이씨엔캐스트 분실 보안이 강화된 IoT기기 제3자 보안인증 시스템 및 방법
WO2021227964A1 (fr) * 2020-05-11 2021-11-18 华为技术有限公司 Procédé de communication sécurisée, et appareil et système associés

Also Published As

Publication number Publication date
EP4583456A1 (fr) 2025-07-09
KR20240082867A (ko) 2024-06-11
US20250225262A1 (en) 2025-07-10

Similar Documents

Publication Publication Date Title
WO2016137307A1 (fr) Attestation par mandataire
WO2021071157A1 (fr) Dispositif électronique et procédé de gestion d'adresse de chaîne de blocs au moyen dudit dispositif
WO2016137304A1 (fr) Sécurité de bout en bout sur la base de zone de confiance
WO2020171538A1 (fr) Dispositif électronique et procédé de fourniture de service de signature numérique de chaîne de blocs utilisant ce dernier
WO2018030707A1 (fr) Système et procédé d'authentification, et équipement d'utilisateur, serveur d'authentification, et serveur de service pour exécuter ledit procédé
WO2021010766A1 (fr) Dispositif et procédé d'authentification électronique faisant appel à une chaîne de blocs
WO2020029585A1 (fr) Procédé et dispositif de modélisation de fédération de réseau neuronal faisant intervenir un apprentissage par transfert et support d'informations
WO2016036115A1 (fr) Dispositif électronique et procédé de gestion de réenregistrement
WO2016129929A1 (fr) Système d'authentification de sécurité pour la connexion d'un membre d'un site web en ligne, et procédé associé
WO2021060745A1 (fr) Dispositif électronique pour la mise à jour d'un microprogramme à l'aide d'un circuit intégré de sécurité et son procédé de fonctionnement
WO2015069018A1 (fr) Système d'ouverture de session sécurisée et procédé et appareil pour celui-ci
WO2020091525A1 (fr) Procédé de paiement à l'aide d'une authentification biométrique et dispositif électronique associé
WO2019098790A1 (fr) Dispositif électronique et procédé de transmission et de réception de données d'après un système d'exploitation de sécurité dans un dispositif électronique
WO2013183818A1 (fr) Procédé et système pour un service de messagerie dans un environnement à plusieurs dispositifs, et appareil associé
WO2016085062A1 (fr) Procédé d'authentification par carte d'authentification nfc
WO2019182377A1 (fr) Procédé, dispositif électronique et support d'enregistrement lisible par ordinateur permettant de générer des informations d'adresse utilisées pour une transaction de cryptomonnaie à base de chaîne de blocs
EP3619633A1 (fr) Procédé permettant de fournir une mise à jour de service et dispositif électronique prenant en charge ledit procédé
WO2023128341A1 (fr) Procédé et système de détection de transaction frauduleuse à l'aide de données chiffrées de manière homomorphe
WO2019164264A1 (fr) Appareil électronique et procédé de fonctionnement associé
WO2020032351A1 (fr) Procédé permettant d'établir une identité numérique anonyme
WO2022010134A1 (fr) Procédé de chiffrement de message et dispositif électronique
WO2020209596A1 (fr) Dispositif électronique et procédé de partage d'informations médicales par un dispositif électronique
WO2020111488A1 (fr) Dispositif électronique, serveur et procédé de fonctionnement pour enregistrer un dispositif ido
WO2021049681A1 (fr) Dispositif électronique permettant d'effectuer une authentification se basant sur un serveur en nuage, et procédé de commande pour celui-ci
WO2024117489A1 (fr) Dispositif et procédé pour prendre en charge un service à distance

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 23898023

Country of ref document: EP

Kind code of ref document: A1

WWE Wipo information: entry into national phase

Ref document number: 2023898023

Country of ref document: EP

ENP Entry into the national phase

Ref document number: 2023898023

Country of ref document: EP

Effective date: 20250403

NENP Non-entry into the national phase

Ref country code: DE

WWP Wipo information: published in national office

Ref document number: 2023898023

Country of ref document: EP